Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
streaming engine vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-7049
An issue exists in Wowza Streaming Engine prior to 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
Wowza Streaming Engine
3.6
CVSSv2
CVE-2021-31540
Wowza Streaming Engine up to and including 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configurat...
Wowza Streaming Engine
9
CVSSv2
CVE-2020-9004
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and previous versions allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port i...
Wowza Streaming Engine
5
CVSSv2
CVE-2017-16922
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine prior to 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
Wowza Streaming Engine
2.1
CVSSv2
CVE-2021-31539
Wowza Streaming Engine prior to 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
Wowza Streaming Engine
5.8
CVSSv2
CVE-2021-35491
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine up to and including 4.8.11+5 allows a remote malicious user to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for t...
Wowza Streaming Engine
4
CVSSv2
CVE-2021-35492
Wowza Streaming Engine up to and including 4.8.11+5 could allow an authenticated, remote malicious user to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resour...
Wowza Streaming Engine
1 Github repository
3.5
CVSSv2
CVE-2019-19453
Wowza Streaming Engine prior to 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8...
Wowza Streaming Engine
5
CVSSv2
CVE-2019-19454
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
Wowza Streaming Engine
7.2
CVSSv2
CVE-2019-19455
Wowza Streaming Engine prior to 4.8.5 has Insecure Permissions which may allow a local malicious user to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as ...
Wowza Streaming Engine
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »